Privacy Policy

Last updated: July 2, 2026

1. Who we are

TablioQR is operated by RecapBook LLC, a company registered in Delaware, United States ("TablioQR", "we", "us"). This policy explains what personal information we collect through tablioqr.com and the TablioQR service, how we use it, and the choices you have. Privacy questions: [email protected].

2. Information we collect

From restaurant operators: name, email address, password (stored only as a salted hash), restaurant name and address, menu content and images, staff invitations (names and emails), POS connection details, and billing information.

From guests placing orders: order contents, table or delivery details, phone number (when used for one-time-passcode verification or order updates), email address (when provided), ratings, and feedback.

Payment data: payments are processed by Stripe. Card numbers go directly to Stripe and never touch our servers; we receive only limited metadata such as payment status and the last four digits.

Collected automatically: device and browser information, IP address, approximate location derived from IP, pages viewed, and diagnostic logs, used for security, rate limiting, and improving the Service.

3. How we use information

  • to provide the Service: menus, QR codes, ordering, dashboards;
  • to route orders between guests and the restaurant;
  • to verify identity via one-time passcodes (SMS/WhatsApp);
  • to process subscription billing and guest payments via Stripe;
  • to send transactional email such as receipts and invitations;
  • to prevent fraud and abuse and keep audit records;
  • to comply with legal obligations.

We do not sell personal information.

4. AI processing of menu uploads

When an operator uploads a menu photo or file, we send it to an AI model provider (Google Gemini) to extract structured menu data. Uploads are used to produce the menu draft for that operator; we do not use your menu uploads to train our own models. Avoid including personal information in menu uploads.

5. Who we share information with

We share information only with service providers that help us run TablioQR, under contracts that limit their use of it:

  • Stripe — payment processing and billing;
  • Twilio — SMS/WhatsApp verification codes;
  • Google — AI menu extraction, sign-in, and places/maps;
  • Resend — transactional email;
  • Railway and Cloudflare — hosting, database, and content delivery;
  • POS providers you choose to connect.

Guest order details are shared with the restaurant the order was placed with. We may also disclose information to comply with law, enforce our terms, or as part of a merger or acquisition (with notice).

6. Cookies and local storage

We use a session cookie to keep you signed in and browser local storage for preferences such as language and an onboarding token that lets you resume setup. We do not use third-party advertising cookies.

7. Data retention

Account and restaurant data is kept while the account is active and deleted or anonymized within a reasonable period after deletion is requested. Order and payment records may be retained longer where required for tax, accounting, or fraud-prevention purposes. Verification codes are short-lived and expire within minutes.

8. Security

Data is encrypted in transit (TLS) and at rest. Passwords are stored as salted scrypt hashes. Access to production systems is restricted and audited. No system is perfectly secure — please use a strong, unique password and report concerns to [email protected].

9. Your rights and choices

You may access, correct, export, or delete your personal information by emailing [email protected]. If you are a California resident, you may also have rights under the CCPA/CPRA, including the right to know, delete, and correct; residents of other US states may have similar rights. We honor verified requests within the timeframes required by law. Guests whose data was collected on behalf of a restaurant may also contact that restaurant directly.

10. Children

The Service is not directed to children under 13, and we do not knowingly collect personal information from them. If you believe a child has provided us personal information, contact us and we will delete it.

11. International visitors

The Service is operated from the United States and intended for US restaurants. If you access it from elsewhere, your information will be processed in the United States.

12. Changes to this policy

We may update this policy from time to time. Material changes will be posted on this page with an updated date and, where appropriate, notified by email or in-product notice.

13. Contact

[email protected] · RecapBook LLC, Delaware, United States.

TablioQR is operated by RecapBook LLC — a US-registered technology holding company building QR ordering products for hospitality.

  • Operated by RecapBook LLC
  • Delaware, USA
  • Stripe Verified billing
  • PCI-compliant guest checkout